@p0security/cli 0.10.0 → 0.10.1

package/dist/plugins/okta/aws.js

@@ -40,3 +40,4 @@ const assumeRoleWithOktaSaml = (authn, args) => __awaiter(void 0, void 0, void 0
     }), { duration: 3600e3 });
 });
 exports.assumeRoleWithOktaSaml = assumeRoleWithOktaSaml;
+//# sourceMappingURL=aws.js.map

package/dist/plugins/okta/aws.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,kDAAsE;AACtE,6CAA4C;AAE5C,kDAAuD;AAEhD,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,mBAAY,EAC1D,KAAK,EACL,IAAI,CAAC,SAAS,CACf,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAa,EAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,yCAAyC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACzF,OAAO,MAAM,IAAA,+BAAkB,EAAC;YAC9B,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE;gBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;gBACpD,QAAQ,EAAE,YAAY;aACvB;SACF,CAAC,CAAC;IACL,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAxBS,QAAA,sBAAsB,0BAwB/B"}

package/dist/plugins/okta/login.js

@@ -89,3 +89,4 @@ const getSamlResponse = (identity, config) => __awaiter(void 0, void 0, void 0,
     return samlResponse;
 });
 exports.getSamlResponse = getSamlResponse;
+//# sourceMappingURL=login.js.map

package/dist/plugins/okta/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/okta/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;AAKjE,yCAIuB;AACvB,iCAA8B;AAC9B,mCAA8B;AAE9B,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,aAAa,GAAG,2CAA2C,CAAC;AAClE,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAC9E,MAAM,kBAAkB,GAAG,yCAAyC,CAAC;AAErE,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,CACvB,KAAa,EACb,EAAE,GAAG,EAAE,UAAU,EAAY,EAC7B,EAAE;IACF,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,mBAAY;QACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;YACd,QAAQ,EAAE,iBAAiB,KAAK,EAAE;YAClC,SAAS,EAAE,GAAG,CAAC,QAAQ;YACvB,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,gBAAgB,EAAE,iBAAiB;YACnC,aAAa,EAAE,UAAU,CAAC,QAAQ;YAClC,kBAAkB,EAAE,aAAa;YACjC,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,kBAAkB;SACzC,CAAC;KACH,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,SAAS,GAAG,CAAC,cAAc,kBAAkB,EAC7C,IAAI,CACL,CAAC;IACF,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC,CAAA,CAAC;AAEF,4CAA4C;AAC5C,MAAM,iBAAiB,GAAG,CACxB,GAAY,EACZ,EAAE,YAAY,EAAiB,EAC/B,EAAE;IACF,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAA,aAAI,EAAC,mBAAY,EAAE,cAAc,CAAC;KAC5C,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,WACV,GAAG,CAAC,cACN,0BAA0B,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;IAC7D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,aAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CACjD,4BAA4B,CAC7B,CAAC;IACF,OAAQ,SAA0C,aAA1C,SAAS,uBAAT,SAAS,CAAmC,KAAK,CAAC;AAC5D,CAAC,CAAA,CAAC;AAEF,+BAA+B;AACxB,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,oCAAoC,EAAE,GAAG,EAAE;QAC7D,IAAI,GAAG,CAAC,YAAY,KAAK,MAAM,EAAE;YAC/B,MAAM,yBAAyB,GAAG,CAAC,YAAY,oBAAoB,CAAC;SACrE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,GAAG,CAAC,cAAc,6BAA6B;YAClF,QAAQ,EAAE,WAAW,GAAG,CAAC,cAAc,kBAAkB;SAC1D,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAXS,QAAA,SAAS,aAWlB;AAEJ,gDAAgD;AAChD,wBAAwB;AACjB,MAAM,eAAe,GAAG,CAC7B,QAAkB,EAClB,MAAyB,EACzB,EAAE;IACF,MAAM,gBAAgB,GAAG,MAAM,gBAAgB,CAC7C,MAAM,CAAC,QAAQ,CAAC,KAAK,EACrB,QAAQ,CACT,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC7E,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,uCAAuC,CAAC;KAC/C;IACD,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAbW,QAAA,eAAe,mBAa1B"}

package/dist/plugins/ping/login.js

@@ -24,3 +24,4 @@ const pingLogin = (org) => __awaiter(void 0, void 0, void 0, function* () {
     }));
 });
 exports.pingLogin = pingLogin;
+//# sourceMappingURL=login.js.map

package/dist/plugins/ping/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/ping/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAYA,yCAA0D;AAE1D,kCAAkC;AAC3B,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,sBAAsB,EAAE,GAAG,EAAE;QAC/C,IAAI,GAAG,CAAC,YAAY,KAAK,MAAM,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS,EAAE;YACjE,MAAM,yBAAyB,GAAG,CAAC,YAAY,oBAAoB,CAAC;SACrE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,0BAA0B;YACpG,QAAQ,EAAE,WAAW,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,WAAW;SACxE,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAXS,QAAA,SAAS,aAWlB"}

package/dist/plugins/ssh/index.js

@@ -23,7 +23,6 @@ You should have received a copy of the GNU General Public License along with @p0
 const ssh_1 = require("../../commands/shared/ssh");
 const keys_1 = require("../../common/keys");
 const stdio_1 = require("../../drivers/stdio");
-const ssh_agent_1 = require("../ssh-agent");
 const node_child_process_1 = require("node:child_process");
 /** Matches the error message that AWS SSM print1 when access is not propagated */
 // Note that the resource will randomly be either the SSM document or the EC2 instance
@@ -177,6 +176,13 @@ function spawnSshNode(options) {
 const createCommand = (data, args, proxyCommand) => {
     const commonArgs = [
         ...(args.debug ? ["-v"] : []),
+        // Explicitly specify which private key to use to avoid "Too many authentication failures"
+        // error caused by SSH trying every available key
+        "-i",
+        keys_1.PRIVATE_KEY_PATH,
+        // Only use the authentication identity specified by -i above
+        "-o",
+        "IdentitiesOnly=yes",
         "-o",
         `ProxyCommand=${proxyCommand.join(" ")}`,
     ];
@@ -255,34 +261,31 @@ const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
     }
     const credential = yield sshProvider.cloudProviderLogin(authn, request);
     const proxyCommand = sshProvider.proxyCommand(request);
-    return (0, ssh_agent_1.withSshAgent)(cmdArgs, () => __awaiter(void 0, void 0, void 0, function* () {
-        const { command, args } = createCommand(request, cmdArgs, proxyCommand);
-        if (cmdArgs.debug) {
-            const reproCommands = sshProvider.reproCommands(request);
-            if (reproCommands) {
-                const repro = [
-                    `eval $(ssh-agent)`,
-                    `ssh-add "${keys_1.PRIVATE_KEY_PATH}"`,
-                    ...reproCommands,
-                    `${command} ${transformForShell(args).join(" ")}`,
-                ].join("\n");
-                (0, stdio_1.print2)(`Execute the following commands to create a similar SSH/SCP session:\n*** COMMANDS BEGIN ***\n${repro}\n*** COMMANDS END ***"\n`);
-            }
+    const { command, args: commandArgs } = createCommand(request, cmdArgs, proxyCommand);
+    if (cmdArgs.debug) {
+        const reproCommands = sshProvider.reproCommands(request);
+        if (reproCommands) {
+            const repro = [
+                ...reproCommands,
+                `${command} ${transformForShell(commandArgs).join(" ")}`,
+            ].join("\n");
+            (0, stdio_1.print2)(`Execute the following commands to create a similar SSH/SCP session:\n*** COMMANDS BEGIN ***\n${repro}\n*** COMMANDS END ***"\n`);
         }
-        const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential);
-        if (exitCode && exitCode !== 0) {
-            return exitCode; // Only exit if there was an error when pre-testing
-        }
-        return spawnSshNode({
-            credential,
-            abortController: new AbortController(),
-            command,
-            args,
-            stdio: ["inherit", "inherit", "pipe"],
-            debug: cmdArgs.debug,
-            provider: request.type,
-            attemptsRemaining: sshProvider.maxRetries,
-        });
-    }));
+    }
+    const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential);
+    if (exitCode && exitCode !== 0) {
+        return exitCode; // Only exit if there was an error when pre-testing
+    }
+    return spawnSshNode({
+        credential,
+        abortController: new AbortController(),
+        command,
+        args: commandArgs,
+        stdio: ["inherit", "inherit", "pipe"],
+        debug: cmdArgs.debug,
+        provider: request.type,
+        attemptsRemaining: sshProvider.maxRetries,
+    });
 });
 exports.sshOrScp = sshOrScp;
+//# sourceMappingURL=index.js.map

package/dist/plugins/ssh/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAAuE;AACvE,4CAAqD;AACrD,+CAA6C;AAI7C,2DAK4B;AAG5B,kFAAkF;AAClF,sFAAsF;AACtF,MAAM,kCAAkC,GACtC,0RAA0R,CAAC;AAC7R;;;;;;GAMG;AACH,MAAM,yBAAyB,GAC7B,kEAAkE,CAAC;AACrE,MAAM,yBAAyB,GAAG,iCAAiC,CAAC;AACpE,MAAM,gCAAgC,GACpC,mDAAmD,CAAC;AACtD,MAAM,kCAAkC,GACtC,+CAA+C,CAAC;AAClD,MAAM,sBAAsB,GAC1B,4DAA4D,CAAC;AAC/D,MAAM,oBAAoB,GACxB,sDAAsD,CAAC;AACzD,MAAM,YAAY,GAAG,uCAAuC,CAAC,CAAC,mEAAmE;AAEjI;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,6BAA6B,GAAG;IACpC,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAC/C,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtC,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtC,EAAE,OAAO,EAAE,YAAY,EAAE;IACzB,EAAE,OAAO,EAAE,gCAAgC,EAAE;IAC7C,EAAE,OAAO,EAAE,kCAAkC,EAAE,kBAAkB,EAAE,IAAI,EAAE;IACzE,EAAE,OAAO,EAAE,sBAAsB,EAAE;CACpC,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,KAAgD,EAChD,KAAe,EACf,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,sBAAsB,GAAG,KAAK,CAAC;IACnC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,KAAK;YAAE,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC;QAE/B,MAAM,KAAK,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAC3D,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IACE,KAAK;YACL,IAAI,CAAC,GAAG,EAAE;gBACR,WAAW,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,4BAA4B,CAAC,EAC1E;YACA,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACjE,sBAAsB,GAAG,sBAAsB,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC,yBAAyB;QAChG,IAAI,sBAAsB,EAAE;YAC1B,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,sBAAsB,EAAE,GAAG,EAAE,CAAC,sBAAsB;KACrD,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL;;;GAGG;AAEH,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;YACpD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,IAAA,cAAM,EACJ,oCAAoC,MAAM,wCAAwC,iBAAiB,GAAG,CACvG,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,GAClD,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAE/C,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,iBAAiB,IAAI,CAAC,EAAE;wBAC1B,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yFAAyF,CACnJ,CAAC;wBACF,OAAO;qBACR;oBAED,YAAY,iCACP,OAAO,KACV,iBAAiB,EAAE,iBAAiB,GAAG,CAAC,IACxC;yBACC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBAEjB,OAAO;iBACR;qBAAM,IAAI,sBAAsB,EAAE,EAAE;oBACnC,MAAM,CAAC,2DAA2D,CAAC,CAAC;oBACpE,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,YAAsB,EACtB,EAAE;IACF,MAAM,UAAU,GAAG;QACjB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,0FAA0F;QAC1F,iDAAiD;QACjD,IAAI;QACJ,uBAAgB;QAChB,6DAA6D;QAC7D,IAAI;QACJ,oBAAoB;QACpB,IAAI;QACJ,gBAAgB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;KACzC,CAAC;IAEF,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,UAAU;gBACb,+DAA+D;gBAC/D,iCAAiC;gBACjC,IAAI;gBACJ,uBAAuB;gBACvB,IAAI;gBACJ,yBAAyB;gBACzB,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,UAAU;YACb,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjC,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IACtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5E,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,iBAAiB,EAAE,WAAW,CAAC,UAAU;YACzC,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAClE,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,YAAY,CACb,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,CACX,CAAC;IACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;QAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;KACrE;IAED,OAAO,YAAY,CAAC;QAClB,UAAU;QACV,eAAe,EAAE,IAAI,eAAe,EAAE;QACtC,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;QACrC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;QACtB,iBAAiB,EAAE,WAAW,CAAC,UAAU;KAC1C,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AAzDW,QAAA,QAAQ,YAyDnB"}

package/dist/plugins/ssh/types.d.ts

@@ -8,14 +8,14 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-declare type SshItemConfig = {
+type SshItemConfig = {
     label?: string;
     state: string;
 };
-export declare type SshConfig = {
+export type SshConfig = {
     "iam-write": Record<string, SshItemConfig>;
 };
-export declare type CommonSshPermissionSpec = {
+export type CommonSshPermissionSpec = {
     publicKey: string;
     sudo?: boolean;
 };

package/dist/plugins/ssh/types.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/plugins/ssh/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugins/ssh/types.ts"],"names":[],"mappings":""}

package/dist/testing/firestore.js

@@ -14,3 +14,4 @@ You should have received a copy of the GNU General Public License along with @p0
 const firestore_1 = require("firebase/firestore");
 const mockGetDoc = (data) => firestore_1.getDoc.mockResolvedValue({ data: () => data });
 exports.mockGetDoc = mockGetDoc;
+//# sourceMappingURL=firestore.js.map

package/dist/testing/firestore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"firestore.js","sourceRoot":"","sources":["../../src/testing/firestore.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,kDAA4C;AAErC,MAAM,UAAU,GAAG,CAAC,IAAS,EAAE,EAAE,CACrC,kBAAoB,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;AADnD,QAAA,UAAU,cACyC"}

package/dist/testing/yargs.js

@@ -21,3 +21,4 @@ const failure = (spec, command) => __awaiter(void 0, void 0, void 0, function* (
     return error;
 });
 exports.failure = failure;
+//# sourceMappingURL=yargs.js.map

package/dist/testing/yargs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yargs.js","sourceRoot":"","sources":["../../src/testing/yargs.ts"],"names":[],"mappings":";;;;;;;;;;;;AAYO,MAAM,OAAO,GAAG,CAAO,IAAgB,EAAE,OAAe,EAAE,EAAE;IACjE,IAAI,KAAU,CAAC;IACf,IAAI;QACF,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;KAC3D;IAAC,OAAO,MAAW,EAAE;QACpB,KAAK,GAAG,MAAM,CAAC;KAChB;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AARW,QAAA,OAAO,WAQlB"}

package/dist/types/allow.d.ts

@@ -8,7 +8,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-export declare type AllowResponse = {
+export type AllowResponse = {
     ok: true;
     message: string;
 };

package/dist/types/allow.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=allow.js.map

package/dist/types/allow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allow.js","sourceRoot":"","sources":["../../src/types/allow.ts"],"names":[],"mappings":""}

package/dist/types/aws/oidc.d.ts

@@ -8,7 +8,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-export declare type AWSClientInformation = {
+export type AWSClientInformation = {
     authorizationEndpoint: string;
     clientId: string;
     clientIdIssuedAt: number;
@@ -19,14 +19,14 @@ export declare type AWSClientInformation = {
 /**
  * AWS OIDC token response uses camelCase instead of snake_case
  */
-export declare type AWSTokenResponse = {
+export type AWSTokenResponse = {
     accessToken: string;
     expiresIn: number;
     idToken: string;
     refreshToken: string;
     tokenType: string;
 };
-export declare type AWSAuthorizeResponse = {
+export type AWSAuthorizeResponse = {
     deviceCode: string;
     expiresIn: number;
     interval: number;

package/dist/types/aws/oidc.js

@@ -10,3 +10,4 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=oidc.js.map

package/dist/types/aws/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../../src/types/aws/oidc.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}

package/dist/types/identity.d.ts

@@ -11,13 +11,13 @@ You should have received a copy of the GNU General Public License along with @p0
 import { TokenResponse } from "./oidc";
 import { OrgData } from "./org";
 import { UserCredential } from "firebase/auth";
-export declare type Identity = {
+export type Identity = {
     credential: TokenResponse & {
         expires_at: number;
     };
     org: OrgData;
 };
-export declare type Authn = {
+export type Authn = {
     identity: Identity;
     userCredential: UserCredential;
 };

package/dist/types/identity.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=identity.js.map

package/dist/types/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/types/identity.ts"],"names":[],"mappings":""}

package/dist/types/index.js

@@ -13,3 +13,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.isa = void 0;
 const isa = (values) => (item) => values.includes(item);
 exports.isa = isa;
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEI,MAAM,GAAG,GACd,CAAI,MAAoB,EAAE,EAAE,CAC5B,CAAC,IAAS,EAAa,EAAE,CACvB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAHb,QAAA,GAAG,OAGU"}

package/dist/types/oidc.d.ts

@@ -9,7 +9,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-export declare type AuthorizeRequest = {
+export type AuthorizeRequest = {
     client_id: string;
     code_challenge: string;
     code_challenge_method: "plain" | "S256";
@@ -19,7 +19,7 @@ export declare type AuthorizeRequest = {
     state?: string;
     login_hint?: string;
 };
-export declare type AuthorizeResponse = {
+export type AuthorizeResponse = {
     device_code: string;
     user_code: string;
     verification_uri: string;
@@ -27,7 +27,7 @@ export declare type AuthorizeResponse = {
     expires_in: number;
     interval: number;
 };
-export declare type TokenResponse = {
+export type TokenResponse = {
     access_token: string;
     id_token: string;
     token_type: string;
@@ -37,10 +37,10 @@ export declare type TokenResponse = {
     device_secret: string;
     expiry: string;
 };
-export declare type TokenErrorResponse = {
+export type TokenErrorResponse = {
     error: "access_denied" | "authorization_pending" | "bad grant type" | "expired_token" | "missing parameter" | "not found" | "slow_down";
 };
-export declare type OidcLoginSteps<A> = {
+export type OidcLoginSteps<A> = {
     providerType: LoginPluginType;
     validateResponse: (response: Response) => Promise<Response>;
     buildAuthorizeRequest: () => {

package/dist/types/oidc.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=oidc.js.map

package/dist/types/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/types/oidc.ts"],"names":[],"mappings":""}

package/dist/types/org.d.ts

@@ -8,7 +8,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-declare type BaseOrgData = {
+type BaseOrgData = {
     clientId: string;
     providerId: string;
     providerDomain?: string;
@@ -16,13 +16,13 @@ declare type BaseOrgData = {
     tenantId: string;
 };
 /** Publicly readable organization data */
-export declare type RawOrgData = BaseOrgData & ({
+export type RawOrgData = BaseOrgData & ({
     providerType?: "okta";
 } | {
     providerType?: "ping";
     environmentId: string;
 });
-export declare type OrgData = RawOrgData & {
+export type OrgData = RawOrgData & {
     slug: string;
 };
 export {};

package/dist/types/org.js

@@ -10,3 +10,4 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=org.js.map

package/dist/types/org.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"org.js","sourceRoot":"","sources":["../../src/types/org.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}

package/dist/types/request.d.ts

@@ -13,19 +13,19 @@ import { PluginSshRequest } from "./ssh";
 export declare const DONE_STATUSES: readonly ["DONE", "DONE_NOTIFIED"];
 export declare const DENIED_STATUSES: readonly ["DENIED", "DENIED_NOTIFIED"];
 export declare const ERROR_STATUSES: readonly ["ERRORED", "ERRORED", "ERRORED_NOTIFIED"];
-export declare type PermissionSpec<K extends string, P extends {
+export type PermissionSpec<K extends string, P extends {
     type: string;
 }, G extends object | undefined = undefined> = {
     type: K;
     permission: P;
     generated: G;
 };
-export declare type PluginRequest = K8sPermissionSpec | PluginSshRequest;
-export declare type Request<P extends PluginRequest> = P & {
+export type PluginRequest = K8sPermissionSpec | PluginSshRequest;
+export type Request<P extends PluginRequest> = P & {
     status: string;
     principal: string;
 };
-export declare type RequestResponse<T> = {
+export type RequestResponse<T> = {
     ok: true;
     message: string;
     id: string;

package/dist/types/request.js

@@ -8,3 +8,4 @@ exports.ERROR_STATUSES = [
     "ERRORED",
     "ERRORED_NOTIFIED",
 ];
+//# sourceMappingURL=request.js.map

package/dist/types/request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../../src/types/request.ts"],"names":[],"mappings":";;;AAaa,QAAA,aAAa,GAAG,CAAC,MAAM,EAAE,eAAe,CAAU,CAAC;AACnD,QAAA,eAAe,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAU,CAAC;AACzD,QAAA,cAAc,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,kBAAkB;CACV,CAAC"}

package/dist/types/ssh.d.ts

@@ -13,14 +13,14 @@ import { AwsSsh, AwsSshPermissionSpec, AwsSshRequest } from "../plugins/aws/type
 import { GcpSsh, GcpSshPermissionSpec, GcpSshRequest } from "../plugins/google/types";
 import { Authn } from "./identity";
 import { Request } from "./request";
-export declare type CliSshRequest = AwsSsh | GcpSsh;
-export declare type PluginSshRequest = AwsSshPermissionSpec | GcpSshPermissionSpec;
-export declare type CliPermissionSpec<P extends PluginSshRequest, C extends object | undefined> = P & {
+export type CliSshRequest = AwsSsh | GcpSsh;
+export type PluginSshRequest = AwsSshPermissionSpec | GcpSshPermissionSpec;
+export type CliPermissionSpec<P extends PluginSshRequest, C extends object | undefined> = P & {
     cliLocalData: C;
 };
 export declare const SupportedSshProviders: readonly ["aws", "gcloud"];
-export declare type SupportedSshProvider = (typeof SupportedSshProviders)[number];
-export declare type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
+export type SupportedSshProvider = (typeof SupportedSshProviders)[number];
+export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
     requestToSsh: (request: CliPermissionSpec<PR, O>) => SR;
     /** Converts a backend request to a CLI request */
     toCliRequest: (request: Request<PR>, options?: {
@@ -45,4 +45,4 @@ export declare type SshProvider<PR extends PluginSshRequest = PluginSshRequest,
     maxRetries: number;
     friendlyName: string;
 };
-export declare type SshRequest = AwsSshRequest | GcpSshRequest;
+export type SshRequest = AwsSshRequest | GcpSshRequest;

package/dist/types/ssh.js

@@ -3,3 +3,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SupportedSshProviders = void 0;
 // The prefix of installed SSH accounts in P0 is the provider name
 exports.SupportedSshProviders = ["aws", "gcloud"];
+//# sourceMappingURL=ssh.js.map

package/dist/types/ssh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/types/ssh.ts"],"names":[],"mappings":";;;AAkCA,kEAAkE;AACrD,QAAA,qBAAqB,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAU,CAAC"}

package/dist/util.d.ts

@@ -1,13 +1,3 @@
-/** Copyright © 2024-present P0 Security
-
-This file is part of @p0security/cli
-
-@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
-
-@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
-**/
 import child_process from "node:child_process";
 export declare const P0_PATH: string;
 /** Waits the specified delay (in ms)

package/dist/util.js

@@ -23,10 +23,11 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
+const env_1 = require("./drivers/env");
 const node_child_process_1 = __importDefault(require("node:child_process"));
 const node_os_1 = __importDefault(require("node:os"));
 const node_path_1 = __importDefault(require("node:path"));
-exports.P0_PATH = node_path_1.default.join(node_os_1.default.homedir(), ".p0");
+exports.P0_PATH = node_path_1.default.join(node_os_1.default.homedir(), env_1.config.environment === "production" ? ".p0" : `.p0-${env_1.config.environment}`);
 /** Waits the specified delay (in ms)
  *
  * The returned promise is cancelable:
@@ -107,3 +108,4 @@ exports.unexpectedValueError = unexpectedValueError;
  */
 const ciEquals = (a, b) => a.localeCompare(b, undefined, { sensitivity: "accent" }) === 0;
 exports.ciEquals = ciEquals;
+//# sourceMappingURL=util.js.map

package/dist/util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,uCAAuC;AACvC,4EAA+C;AAC/C,sDAAyB;AACzB,0DAA6B;AAEhB,QAAA,OAAO,GAAG,mBAAI,CAAC,IAAI,CAC9B,iBAAE,CAAC,OAAO,EAAE,EACZ,YAAM,CAAC,WAAW,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,YAAM,CAAC,WAAW,EAAE,CAC1E,CAAC;AAEF;;;;;;;;GAQG;AACI,MAAM,KAAK,GAAG,CAAC,aAAqB,EAAE,EAAE;IAC7C,IAAI,KAAK,GAA+B,SAAS,CAAC;IAClD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAC5C,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AACvE,CAAC,CAAC;AANW,QAAA,KAAK,SAMhB;AAEF;;;;GAIG;AACI,MAAM,OAAO,GAAG,CACrB,OAAgC,EAChC,aAAqB,EACrB,EAAE;IACF,MAAM,IAAI,GAAG,IAAA,aAAK,EAAC,aAAa,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IACnD,IAAI,MAAM,KAAK,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM,EAAE,CAAC;IACd,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AATW,QAAA,OAAO,WASlB;AAEF;;;GAGG;AACI,MAAM,IAAI,GAAG,CAClB,OAAe,EACf,IAAc,EACd,OAGC,EACD,EAAE;IACF,OAAA,IAAI,OAAO,CACT,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClB,IAAI;YACF,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,4BAAa,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,kCAC1C,CAAC,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC,KAClB,KAAK,EAAE,MAAM,IACb,CAAC;YACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC9B,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;gBACxC,IAAI,IAAI,KAAK,CAAC,KAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAA;oBAC9B,MAAM,CACJ,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,EAAE,MAAM,CAAC,CACjE,CAAC;gBACJ,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;SACJ;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,CAAC,KAAK,CAAC,CAAC;SACf;IACH,CAAC,CACF,CAAA;EAAA,CAAC;AAjCS,QAAA,IAAI,QAiCb;AAEG,MAAM,gBAAgB,GAAG,CAAC,KAAY,EAAE,EAAE;IAC/C,MAAM,IAAA,mBAAW,EAAC,KAAK,CAAC,CAAC;AAC3B,CAAC,CAAC;AAFW,QAAA,gBAAgB,oBAE3B;AAEK,MAAM,WAAW,GAAG,CAAC,KAAY,EAAE,EAAE;IAC1C,OAAO,IAAA,4BAAoB,EAAC,KAAK,CAAC,CAAC;AACrC,CAAC,CAAC;AAFW,QAAA,WAAW,eAEtB;AAEK,MAAM,oBAAoB,GAAG,CAAC,KAAU,EAAE,EAAE,CACjD,IAAI,KAAK,CAAC,gCAAgC,KAAK,sBAAsB,CAAC,CAAC;AAD5D,QAAA,oBAAoB,wBACwC;AAEzE;;;;;;;;;GASG;AACI,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAC/C,CAAC,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC;AADpD,QAAA,QAAQ,YAC4C"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@p0security/cli",
-  "version": "0.10.0",
+  "version": "0.10.1",
   "description": "Execute infra CLI commands with P0 grants",
   "main": "index.ts",
   "repository": {
@@ -12,6 +12,9 @@
   "bin": {
     "p0": "p0"
   },
+  "engines": {
+    "node": ">=20.14"
+  },
   "files": [
     "dist",
     "p0",
@@ -62,6 +65,7 @@
     "eslint-plugin-promise": "^6.1.1",
     "jest": "^29.7.0",
     "prettier": "^3.2.4",
+    "ts-node": "^10.9.2",
     "ts-jest": "^29.1.2"
   },
   "scripts": {

package/dist/plugins/ssh-agent/index.d.ts

@@ -1,4 +0,0 @@
-import { AgentArgs } from "./types";
-export declare const privateKeyExists: (args: AgentArgs) => Promise<boolean>;
-export declare const addPrivateKey: (args: AgentArgs) => Promise<boolean>;
-export declare const withSshAgent: <T>(args: AgentArgs, fn: () => Promise<T>) => Promise<T>;

package/dist/plugins/ssh-agent/index.js

@@ -1,102 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.withSshAgent = exports.addPrivateKey = exports.privateKeyExists = void 0;
-/** Copyright © 2024-present P0 Security
-
-This file is part of @p0security/cli
-
-@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
-
-@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
-**/
-const keys_1 = require("../../common/keys");
-const subprocess_1 = require("../../common/subprocess");
-const stdio_1 = require("../../drivers/stdio");
-const isSshAgentRunning = (args) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        if (args.debug)
-            (0, stdio_1.print2)("Searching for active ssh-agents");
-        // TODO: There's a possible edge-case but unlikely that ssh-agent has an invalid process or PID.
-        // We can check to see if the active PID matches the current socket to mitigate this.
-        yield (0, subprocess_1.asyncSpawn)(args, `pgrep`, ["-x", "ssh-agent"]);
-        if (args.debug)
-            (0, stdio_1.print2)("At least one SSH agent is running");
-        return true;
-    }
-    catch (_a) {
-        if (args.debug)
-            (0, stdio_1.print2)("No SSH agent is running!");
-        return false;
-    }
-});
-const isSshAgentAuthSocketSet = (args) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        yield (0, subprocess_1.asyncSpawn)(args, `sh`, ["-c", '[ -n "$SSH_AUTH_SOCK" ]']);
-        if (args.debug)
-            (0, stdio_1.print2)(`SSH_AUTH_SOCK=${process.env.SSH_AUTH_SOCK}`);
-        return true;
-    }
-    catch (_b) {
-        if (args.debug)
-            (0, stdio_1.print2)("SSH_AUTH_SOCK is not set!");
-        return false;
-    }
-});
-const privateKeyExists = (args) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        yield (0, subprocess_1.asyncSpawn)(args, `sh`, [
-            "-c",
-            `KEY_PATH="${keys_1.PRIVATE_KEY_PATH}" && KEY_FINGERPRINT=$(ssh-keygen -lf "$KEY_PATH" | awk '{print $2}') && ssh-add -l | grep -q "$KEY_FINGERPRINT" && exit 0 || exit 1`,
-        ]);
-        if (args.debug)
-            (0, stdio_1.print2)("Private key exists in ssh agent");
-        return true;
-    }
-    catch (_c) {
-        if (args.debug)
-            (0, stdio_1.print2)("Private key does not exist in ssh agent");
-        return false;
-    }
-});
-exports.privateKeyExists = privateKeyExists;
-const addPrivateKey = (args) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        yield (0, subprocess_1.asyncSpawn)(args, `ssh-add`, [
-            keys_1.PRIVATE_KEY_PATH,
-            ...(args.debug ? ["-v", "-v", "-v"] : ["-q"]),
-        ]);
-        if (args.debug)
-            (0, stdio_1.print2)("Private key added to ssh agent");
-        return true;
-    }
-    catch (_d) {
-        if (args.debug)
-            (0, stdio_1.print2)("Failed to add private key to ssh agent");
-        return false;
-    }
-});
-exports.addPrivateKey = addPrivateKey;
-const withSshAgent = (args, fn) => __awaiter(void 0, void 0, void 0, function* () {
-    const isRunning = yield isSshAgentRunning(args);
-    const hasSocket = yield isSshAgentAuthSocketSet(args);
-    if (!isRunning || !hasSocket) {
-        throw "SSH agent is not running. Please start it by running: eval $(ssh-agent)";
-    }
-    const hasKey = yield (0, exports.privateKeyExists)(args);
-    if (!hasKey) {
-        yield (0, exports.addPrivateKey)(args);
-    }
-    return yield fn();
-});
-exports.withSshAgent = withSshAgent;

package/dist/plugins/ssh-agent/types.d.ts

@@ -1,13 +0,0 @@
-/** Copyright © 2024-present P0 Security
-
-This file is part of @p0security/cli
-
-@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
-
-@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
-**/
-export declare type AgentArgs = {
-    debug?: boolean;
-};